Return-Path: linux-nfs-owner@vger.kernel.org Received: from mx2.netapp.com ([216.240.18.37]:54212 "EHLO mx2.netapp.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752414Ab1KRSfe convert rfc822-to-8bit (ORCPT ); Fri, 18 Nov 2011 13:35:34 -0500 Message-ID: <1321641333.2653.15.camel@lade.trondhjem.org> Subject: Re: [PATCH] Add "-e" option to rpc.gssd to allow error on ticket expiry. Try 2 with added man pages. From: Trond Myklebust To: John Hughes Cc: linux-nfs@vger.kernel.org, linux-kernel@vger.kernel.org Date: Fri, 18 Nov 2011 20:35:33 +0200 In-Reply-To: <4EC66D12.2090505@Calva.COM> References: <4EC66D12.2090505@Calva.COM> Content-Type: text/plain; charset="UTF-8" Mime-Version: 1.0 Sender: linux-nfs-owner@vger.kernel.org List-ID: On Fri, 2011-11-18 at 15:34 +0100, John Hughes wrote: > Description: Add "-e" (ticket expiry is error) option to rpc.gssd > In kernels starting around 2.6.34 the nfs4 server will block all I/O > when a user ticket expires. In earlier kernels the I/O would fail > with an EACCESS error. This patch adds a "-e" option to rpc.gssd > which allow the earlier behaviour (EKEYEXPIRED is converted to > EACCESS). This behaviour is particularly useful when user home > directories are nfs4 mounted with krb5 security - if the user is > absent from their workstation for long enough for the ticket to > expire a new ticket will be obtained (via pam_krb5) by the screen > unlock process. You need a big fat warning somewhere that enabling this option WILL cause data corruption... Trond -- Trond Myklebust Linux NFS client maintainer NetApp Trond.Myklebust@netapp.com www.netapp.com